1 / 109

Internet Wiretapping and Carnivore

Internet Wiretapping and Carnivore. Sarah Boucher Edward Cotler Stephen Larson. May 17, 2001. Introduction. Law enforcement needs Individuals’ privacy concerns Emerging technology. Goals.

marionwallace
Download Presentation

Internet Wiretapping and Carnivore

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Internet Wiretappingand Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001

  2. Introduction • Law enforcement needs • Individuals’ privacy concerns • Emerging technology

  3. Goals • To inform about the current technical, government, and public opinion state of U.S. Internet wiretapping policy through a case study of the FBI’s Carnivore system • To discuss concerns about the current state of U.S. Internet wiretapping policy • To propose changes to improve the U.S. system of Internet wiretapping

  4. Timeline • 1791 – The Fourth Amendment to the Constitution • 1928 – Olmstead v United States • 1934 – Federal Communications Act • 1937 – Nardone v United States • 1939 – Nardone v United States • 1967 – Berger v United States • 1967 – Katz v United States • 1968 – Omnibus Crime Control and Safe Streets Act • 1978 – Foreign Intelligence Surveillance Act

  5. Timeline • 1979 – Smith v Maryland • 1986 – Electronic Communications Privacy Act • 1994 – Communications Assistance for Law Enforcement Act • 2000 – US Telecom v FCC • 2000 – Hearings in House and Senate committees • 2000 – Digital Privacy Act, proposed • 2000 – Electronic Communications Privacy Act, proposed • 2000 – Illinois report released

  6. Key Players • ACLU: Opposed to wiretaps in general. • CDT: Sees a place for restricted wiretaps. • EPIC: Acquired key information using the FOIA. • DOJ: In charge of the FBI, project in general. • FBI: Conducted at least 25 Internet wiretaps already. • Congress: Trying to catch the laws up.

  7. Background

  8. Legislative Background • Fourth Amendment • FCA • Title III • FISA • ECPA • CALEA • Digital Privacy Act of 2000 • Electronic Privacy Act of 2000

  9. Legislative Background • Fourth Amendment • The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

  10. Legislative Background • Federal Communications Act of 1934 • Prohibited the interception and disclosure of any communication without the consent of at least one of the parties to the communication.

  11. Legislative Background • Title III of the Omnibus Crime Control and Safe Streets Act of 1968 • Electronic surveillance made illegal, except pursuant to a court order.

  12. Legislative Background • How to get a court order for electronic surveillance • Prove probable cause that an indictable crime has been, is being, or is about to be committed. • Specifically describe the communications to be intercepted. • Other investigative procedures have failed or are too dangerous.

  13. Legislative Background • Foreign Intelligence Surveillance Act of 1978 • Requires approval from the Foreign Intelligence Surveillance Court for electronic surveillance in national security cases.

  14. Legislative Background • Electronic Communications Privacy Act of 1986 • Amended Title III protections to cover most wire and wireless communications. • Requires a court order for the use of pen register and trap and trace devices. • Delineates regulations for the use of roving wiretaps.

  15. Legislative Background • Communication Assistance for Law Enforcement Act of 1994 • Requires telecommunications carriers to ensure the ability of law enforcement agencies to intercept communications.

  16. Legislative Background • Digital Privacy Act of 2000, proposed in the 106th Congress • Strengthened the requirements for obtaining a court order for the use of pen register and trap and trace devices. • Heightened the reporting requirements for electronic surveillance.

  17. Legislative Background • Electronic Privacy Act of 2000, proposed in the 106th Congress • Strengthened the requirements for obtaining a court order for the use of pen register and trap and trace devices. • Other privacy enhancing changes to current federal wiretapping laws.

  18. Judicial Background • Olmstead v. US • Nardone v. US • Berger v. US • Katz v. US • Smith v. Maryland • US Telecomm v. FCC

  19. Judicial Background • Olmstead vs. US, 1928 • Supreme Court held that wiretaps were not a violation of the Fourth Amendment. • Justice Brandeis wrote a strong dissent supporting the extension of Fourth Amendment rights to wiretapping.

  20. Judicial Background • Nardone vs. US, 1937 and again in 1939 • Based on FCA of 1934, the Court ruled that wiretap evidence could not be used in trial. • In the second case, the Court expanded this ruling to include any evidence derived from a wiretap.

  21. Judicial Background • Berger vs. US, 1967 • Supreme Court found that a New York State law that had been used to secure a warrant for wiretapping was overbroad in its scope.

  22. Judicial Background • Katz vs. US, 1967 • Supreme Court effectively overturned Olmstead v US, saying that “the Fourth Amendment protects people, not places.”

  23. Judicial Background • Smith vs. Maryland, 1979 • Supreme Court held that there is a lower expectation of privacy in pen mode information, therefore no warrant is required to intercept this information.

  24. Judicial Background • US Telecomm v. FCC, 2000 • Challenges to the implementation Order for CALEA. • Supreme Court held that location information for wireless communications as well as packet-mode data collection can be required by CALEA.

  25. Executive Background When does the FBI use Carnivore? • The ISP cannot narrow sufficiently the information retrieved to comply with the court order • The ISP cannot receive sufficient information • The FBI does not want to disclose information to the ISP, as in a sensitive national security investigation.

  26. Full mode wiretap Case agent consults with the Chief Division Counsel, and a Technically Trained Agent. Pen mode wiretap Case agent writes up a request with a justification for necessity Executive Background

  27. Executive Background • FBI shows a judge the relevance of the information • FBI shows a judge why traditional enforcement methods are insufficient • FBI submits a request with information such as target ISP, e-mail address, etc. • FBI waits 4-6 months

  28. Public Policy Background

  29. Public Policy Background • Wiretaps influenced by administrative policy choice • 10,000 before Safe Streets Act (1968) • 9,000 after Safe Streets Act • Could Carnivore have similar usage patterns? • Log secrecy • 1850% increase from 1997 to 1999

  30. Technical Background • Hardware • Software

  31. Hardware Architecture • A one-way tap into an Ethernet data stream • A general purpose computer to filter and collect data • One or more additional general purpose computers to control the collection and examine the data • A ‘locked’ telephone link to connect the computers

  32. Hardware Architecture The Internet Ethernet Switch Tap Hub Carnivore Other Network Segments Hub Remote Target Bystander

  33. One Way Tap • The Century Tap • Produced by Shomiti Systems (3rd party)

  34. Filtering/Collection Computer • Pentium-class PC • 2 GB Jaz Drive • Generic 10/100 Mbps Ethernet adapter • A modem • Windows NT • pcAnywere

  35. Control/Examination Computer • Another regular computer with: • pcAnywhere • Dragonware • Secure?

  36. Telephone Link • Electronic device that prevents phone line connection unless you are the key.

  37. Software Architecture Functionality • Filtering • Filter Precedence • Output • Analysis

  38. Software Architecture

  39. Software Architecture • Filtering

  40. Software Architecture • Filter Precedence • Output • .vor • .output • .error • Analysis • Packeteer • CoolMiner

  41. Software Architecture • TapNDIS (written in C) is a kernal-mode driver which captures Ethernet packets as they are received, and applies some filtering. • TapAPI.dll (written in C++) provides the API for accessing the TapNDIS driver functionality from other applications. • Carnivore.dll (written in C++) provides functionality for controlling the intercept of raw data. • Carnivore.exe (written in Visual Basic) is the GUI for Carnivore.

  42. Concerns

  43. Legislative/Judicial Concerns • Pen mode collection • Not strictly defined. • Low standard for obtaining a court order for the interception of this information. • Reporting of pen mode interceptions is minimal.

  44. Legislative/Judicial Concerns • Minimization of interception: • No formal definition of minimization of search requirements. • The minimization process only has optional judicial review. • No requirements on who conducts the minimization.

  45. Legislative/Judicial Concerns • FISA interceptions: • No notification requirement, unless information from the intercept will be used in a criminal trial. • Completely confidential, the only information reported annually is the number of applications and the number of orders granted.

  46. Public/Executive Concerns • Trust • Ease of access • Loss of ISP control • Procedural

  47. Trust “Carnivore is roughly equivalent to a wiretap capable of accessing the contents of the conversations of all of the phone company’s customers, with the ‘assurance’ that the FBI will record only conversations of the specified target.” – Barry Steinhardt Associate Director, ACLU

  48. Trust • Should we trust the government? • Agents overlook, misplace or otherwise mangle information • FBI still makes record-keeping mistakes • Blanton • Salvati • McVeigh

  49. Ease of Access “I would rather have the government crawl under barbed wire with a flashlight to install a listening device in my basement than to have them click a mouse in an office and gain access to my most private conversations.” Phil Zimmermann Inventor, PGP

  50. Ease of Access • Allocation of resources • Self-selects more important wiretaps • Easier to make mistakes • No paper trail in digital age

More Related